{ "document":{ "aggregate_severity":{ "namespace":"https://nvd.nist.gov/vuln-metrics/cvss", "text":"High" }, "category":"csaf_vex", "csaf_version":"2.0", "distribution":{ "tlp":{ "label":"WHITE", "url":"https:/www.first.org/tlp/" } }, "lang":"en", "notes":[ { "text":"rsync security update", "category":"general", "title":"Synopsis" }, { "text":"An update for rsync is now available for openEuler-24.03-LTS-SP1", "category":"general", "title":"Summary" }, { "text":"Rsync is an open source utility that provides fast incremental file transfer. It uses the "rsync algorithm" which provides a very fast method for bringing remote files into sync. It does this by sending just the differences in the files across the link, without requiring that both sets of files are present at one of the ends of the link beforehand.\n\nSecurity Fix(es):\n\nRsync versionĀ 3.4.2 and prior contain an integer overflow vulnerability in the compressed-token decoder where a 32-bit signed counter is not checked for overflow, allowing a malicious sender to trigger an overflow that causes the receiver process to read and return data from outside the intended buffer bounds. Attackers can exploit this vulnerability to disclose process memory contents including environment variables, passwords, heap and stack data, and library memory pointers, significantly reducing ASLR effectiveness and facilitating further exploitation.(CVE-2026-43618)\n\nRsync versions before 3.4.3 contain an off-by-one out-of-bounds stack write vulnerability in the establish_proxy_connection() function in socket.c that allows network attackers to corrupt stack memory by sending a malformed HTTP proxy response. Attackers can exploit this by positioning themselves between the client and proxy or controlling the proxy server to send a response line of 1023 or more bytes without a newline terminator, causing a null byte to be written to an out-of-bounds stack address when the RSYNC_PROXY environment variable is set.(CVE-2026-45232)", "category":"general", "title":"Description" }, { "text":"An update for rsync is now available for master/openEuler-20.03-LTS-SP4/openEuler-22.03-LTS-SP4/openEuler-24.03-LTS/openEuler-24.03-LTS-Next/openEuler-24.03-LTS-SP1/openEuler-24.03-LTS-SP3/openEuler-24.03-LTS-SP4.\n\nopenEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.", "category":"general", "title":"Topic" }, { "text":"High", "category":"general", "title":"Severity" }, { "text":"rsync", "category":"general", "title":"Affected Component" } ], "publisher":{ "issuing_authority":"openEuler security committee", "name":"openEuler", "namespace":"https://www.openeuler.org", "contact_details":"openeuler-security@openeuler.org", "category":"vendor" }, "references":[ { "summary":"openEuler-SA-2026-2504", "category":"self", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2504" }, { "summary":"CVE-2026-43618", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-43618&packageName=rsync" }, { "summary":"CVE-2026-45232", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-45232&packageName=rsync" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-43618" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-45232" }, { "summary":"openEuler-SA-2026-2504 vex file", "category":"self", "url":"https://repo.openeuler.org/security/data/csaf/advisories/2026/csaf-openeuler-sa-2026-2504.json" } ], "title":"An update for rsync is now available for openEuler-24.03-LTS-SP1", "tracking":{ "initial_release_date":"2026-06-03T14:46:24+08:00", "revision_history":[ { "date":"2026-06-03T14:46:24+08:00", "summary":"Initial", "number":"1.0.0" } ], "generator":{ "date":"2026-06-03T14:46:24+08:00", "engine":{ "name":"openEuler CSAF Tool V1.0" } }, "current_release_date":"2026-06-03T14:46:24+08:00", "id":"openEuler-SA-2026-2504", "version":"1.0.0", "status":"final" } }, "product_tree":{ "branches":[ { "name":"openEuler", "category":"vendor", "branches":[ { "name":"openEuler", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1" }, "product_id":"openEuler-24.03-LTS-SP1", "name":"openEuler-24.03-LTS-SP1" }, "name":"openEuler-24.03-LTS-SP1", "category":"product_version" } ], "category":"product_name" }, { "name":"aarch64", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1" }, "product_id":"rsync-3.2.7-10.oe2403sp1.aarch64.rpm", "name":"rsync-3.2.7-10.oe2403sp1.aarch64.rpm" }, "name":"rsync-3.2.7-10.oe2403sp1.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1" }, "product_id":"rsync-debuginfo-3.2.7-10.oe2403sp1.aarch64.rpm", "name":"rsync-debuginfo-3.2.7-10.oe2403sp1.aarch64.rpm" }, "name":"rsync-debuginfo-3.2.7-10.oe2403sp1.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1" }, "product_id":"rsync-debugsource-3.2.7-10.oe2403sp1.aarch64.rpm", "name":"rsync-debugsource-3.2.7-10.oe2403sp1.aarch64.rpm" }, "name":"rsync-debugsource-3.2.7-10.oe2403sp1.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1" }, "product_id":"rsync-help-3.2.7-10.oe2403sp1.aarch64.rpm", "name":"rsync-help-3.2.7-10.oe2403sp1.aarch64.rpm" }, "name":"rsync-help-3.2.7-10.oe2403sp1.aarch64.rpm", "category":"product_version" } ], "category":"architecture" }, { "name":"src", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1" }, "product_id":"rsync-3.2.7-10.oe2403sp1.src.rpm", "name":"rsync-3.2.7-10.oe2403sp1.src.rpm" }, "name":"rsync-3.2.7-10.oe2403sp1.src.rpm", "category":"product_version" } ], "category":"architecture" }, { "name":"x86_64", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1" }, "product_id":"rsync-3.2.7-10.oe2403sp1.x86_64.rpm", "name":"rsync-3.2.7-10.oe2403sp1.x86_64.rpm" }, "name":"rsync-3.2.7-10.oe2403sp1.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1" }, "product_id":"rsync-debuginfo-3.2.7-10.oe2403sp1.x86_64.rpm", "name":"rsync-debuginfo-3.2.7-10.oe2403sp1.x86_64.rpm" }, "name":"rsync-debuginfo-3.2.7-10.oe2403sp1.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1" }, "product_id":"rsync-debugsource-3.2.7-10.oe2403sp1.x86_64.rpm", "name":"rsync-debugsource-3.2.7-10.oe2403sp1.x86_64.rpm" }, "name":"rsync-debugsource-3.2.7-10.oe2403sp1.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1" }, "product_id":"rsync-help-3.2.7-10.oe2403sp1.x86_64.rpm", "name":"rsync-help-3.2.7-10.oe2403sp1.x86_64.rpm" }, "name":"rsync-help-3.2.7-10.oe2403sp1.x86_64.rpm", "category":"product_version" } ], "category":"architecture" } ] } ], "relationships":[ { "relates_to_product_reference":"openEuler-24.03-LTS-SP1", "product_reference":"rsync-3.2.7-10.oe2403sp1.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP1:rsync-3.2.7-10.oe2403sp1.aarch64", "name":"rsync-3.2.7-10.oe2403sp1.aarch64 as a component of openEuler-24.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP1", "product_reference":"rsync-debuginfo-3.2.7-10.oe2403sp1.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP1:rsync-debuginfo-3.2.7-10.oe2403sp1.aarch64", "name":"rsync-debuginfo-3.2.7-10.oe2403sp1.aarch64 as a component of openEuler-24.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP1", "product_reference":"rsync-debugsource-3.2.7-10.oe2403sp1.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP1:rsync-debugsource-3.2.7-10.oe2403sp1.aarch64", "name":"rsync-debugsource-3.2.7-10.oe2403sp1.aarch64 as a component of openEuler-24.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP1", "product_reference":"rsync-help-3.2.7-10.oe2403sp1.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP1:rsync-help-3.2.7-10.oe2403sp1.aarch64", "name":"rsync-help-3.2.7-10.oe2403sp1.aarch64 as a component of openEuler-24.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP1", "product_reference":"rsync-3.2.7-10.oe2403sp1.src.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP1:rsync-3.2.7-10.oe2403sp1.src", "name":"rsync-3.2.7-10.oe2403sp1.src as a component of openEuler-24.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP1", "product_reference":"rsync-3.2.7-10.oe2403sp1.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP1:rsync-3.2.7-10.oe2403sp1.x86_64", "name":"rsync-3.2.7-10.oe2403sp1.x86_64 as a component of openEuler-24.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP1", "product_reference":"rsync-debuginfo-3.2.7-10.oe2403sp1.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP1:rsync-debuginfo-3.2.7-10.oe2403sp1.x86_64", "name":"rsync-debuginfo-3.2.7-10.oe2403sp1.x86_64 as a component of openEuler-24.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP1", "product_reference":"rsync-debugsource-3.2.7-10.oe2403sp1.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP1:rsync-debugsource-3.2.7-10.oe2403sp1.x86_64", "name":"rsync-debugsource-3.2.7-10.oe2403sp1.x86_64 as a component of openEuler-24.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP1", "product_reference":"rsync-help-3.2.7-10.oe2403sp1.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP1:rsync-help-3.2.7-10.oe2403sp1.x86_64", "name":"rsync-help-3.2.7-10.oe2403sp1.x86_64 as a component of openEuler-24.03-LTS-SP1" }, "category":"default_component_of" } ] }, "vulnerabilities":[ { "cve":"CVE-2026-43618", "notes":[ { "text":"Rsync versionĀ 3.4.2 and prior contain an integer overflow vulnerability in the compressed-token decoder where a 32-bit signed counter is not checked for overflow, allowing a malicious sender to trigger an overflow that causes the receiver process to read and return data from outside the intended buffer bounds. Attackers can exploit this vulnerability to disclose process memory contents including environment variables, passwords, heap and stack data, and library memory pointers, significantly reducing ASLR effectiveness and facilitating further exploitation.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP1:rsync-3.2.7-10.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:rsync-debuginfo-3.2.7-10.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:rsync-debugsource-3.2.7-10.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:rsync-help-3.2.7-10.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:rsync-3.2.7-10.oe2403sp1.src", "openEuler-24.03-LTS-SP1:rsync-3.2.7-10.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:rsync-debuginfo-3.2.7-10.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:rsync-debugsource-3.2.7-10.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:rsync-help-3.2.7-10.oe2403sp1.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP1:rsync-3.2.7-10.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:rsync-debuginfo-3.2.7-10.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:rsync-debugsource-3.2.7-10.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:rsync-help-3.2.7-10.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:rsync-3.2.7-10.oe2403sp1.src", "openEuler-24.03-LTS-SP1:rsync-3.2.7-10.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:rsync-debuginfo-3.2.7-10.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:rsync-debugsource-3.2.7-10.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:rsync-help-3.2.7-10.oe2403sp1.x86_64" ], "details":"rsync security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2504" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":8.1, "vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP1:rsync-3.2.7-10.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:rsync-debuginfo-3.2.7-10.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:rsync-debugsource-3.2.7-10.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:rsync-help-3.2.7-10.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:rsync-3.2.7-10.oe2403sp1.src", "openEuler-24.03-LTS-SP1:rsync-3.2.7-10.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:rsync-debuginfo-3.2.7-10.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:rsync-debugsource-3.2.7-10.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:rsync-help-3.2.7-10.oe2403sp1.x86_64" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2026-43618" }, { "cve":"CVE-2026-45232", "notes":[ { "text":"Rsync versions before 3.4.3 contain an off-by-one out-of-bounds stack write vulnerability in the establish_proxy_connection() function in socket.c that allows network attackers to corrupt stack memory by sending a malformed HTTP proxy response. Attackers can exploit this by positioning themselves between the client and proxy or controlling the proxy server to send a response line of 1023 or more bytes without a newline terminator, causing a null byte to be written to an out-of-bounds stack address when the RSYNC_PROXY environment variable is set.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP1:rsync-3.2.7-10.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:rsync-debuginfo-3.2.7-10.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:rsync-debugsource-3.2.7-10.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:rsync-help-3.2.7-10.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:rsync-3.2.7-10.oe2403sp1.src", "openEuler-24.03-LTS-SP1:rsync-3.2.7-10.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:rsync-debuginfo-3.2.7-10.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:rsync-debugsource-3.2.7-10.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:rsync-help-3.2.7-10.oe2403sp1.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP1:rsync-3.2.7-10.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:rsync-debuginfo-3.2.7-10.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:rsync-debugsource-3.2.7-10.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:rsync-help-3.2.7-10.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:rsync-3.2.7-10.oe2403sp1.src", "openEuler-24.03-LTS-SP1:rsync-3.2.7-10.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:rsync-debuginfo-3.2.7-10.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:rsync-debugsource-3.2.7-10.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:rsync-help-3.2.7-10.oe2403sp1.x86_64" ], "details":"rsync security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2504" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"LOW", "baseScore":3.7, "vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP1:rsync-3.2.7-10.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:rsync-debuginfo-3.2.7-10.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:rsync-debugsource-3.2.7-10.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:rsync-help-3.2.7-10.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:rsync-3.2.7-10.oe2403sp1.src", "openEuler-24.03-LTS-SP1:rsync-3.2.7-10.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:rsync-debuginfo-3.2.7-10.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:rsync-debugsource-3.2.7-10.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:rsync-help-3.2.7-10.oe2403sp1.x86_64" ] } ], "threats":[ { "details":"Low", "category":"impact" } ], "title":"CVE-2026-45232" } ] }